Xen project Mailing List

Re: [PATCH v4 02/11] vpci: cancel pending map/unmap on vpci removal

To: Jan Beulich <jbeulich@xxxxxxxx>, Roger Pau Monné <roger.pau@xxxxxxxxxx>

From: Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Date: Thu, 18 Nov 2021 13:48:06 +0000

Accept-language: en-US

Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=epam.com; dmarc=pass action=none header.from=epam.com; dkim=pass header.d=epam.com; arc=none

Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=nbg+UYZgRAFSEXvRxiZrMy4N46RL/4mL3h1polXP4v4=; b=fH0DSwyK5ui8ekdTVX8TRgGAfaLWppGf9/e+pCLNko4PdJDCObEFkbqU95OTLcZqiXw7TiMpQwGHlCmJPrGru35UnXjMO91qdi8IIK1gk9gzYU82158e3+A9eUj54/C9ec85zLlnSOmMKTGlZSYSn76Bl7qfD3VLbZm1ZdWFfi1DjuN0kFl6Bd9rYDNvr5kLTh51Wxdo0VcYs+bUN684qIOQPdP3wVbZcbyYm4vb5OLNSBWGk5m5NAcLZta25ogygXr/arIYffAyxzB8dVx2ZCK0Ztx9F4hjreC92l7ALWPFdc24b+JXPDD3HofknOGoTNRacjzSSzrOIbOEhuaWEw==

Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=iWVp4coT/c+yB002O1Xkno8QrGCypWBXB8nP9ohSqfXYbw/nstVTunYGU0vwlqjx266eyq/CCMJFs3WLjYxTkbwBRiduZ3RVTk7ufAoVccanay6UGPDhhSxFPp7bKLtuTieQAEIM5dFKiEboD5iNzpd351izvAQ9ZDCPviETUQU4QwD1hr7eccmWTznpifd7/xXwx7iI+3qSnsHdX5+ODY2fAsFWscOk4c7wVX4stj2wZEsEdFwCfl7CMUta/21BBFX25V1r6geuZMc1Yz3eFDVresqR1IBLg/IQHSJu8oKNJZU0Ge6M89wc8mkd2/1vuUqJeIG/OqzsGm6vSQhcPw==

Cc: "julien@xxxxxxx" <julien@xxxxxxx>, "sstabellini@xxxxxxxxxx" <sstabellini@xxxxxxxxxx>, Oleksandr Tyshchenko <Oleksandr_Tyshchenko@xxxxxxxx>, Volodymyr Babchuk <Volodymyr_Babchuk@xxxxxxxx>, Artem Mygaiev <Artem_Mygaiev@xxxxxxxx>, "andrew.cooper3@xxxxxxxxxx" <andrew.cooper3@xxxxxxxxxx>, "george.dunlap@xxxxxxxxxx" <george.dunlap@xxxxxxxxxx>, "paul@xxxxxxx" <paul@xxxxxxx>, Bertrand Marquis <bertrand.marquis@xxxxxxx>, Rahul Singh <rahul.singh@xxxxxxx>, "xen-devel@xxxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Oleksandr Andrushchenko <Oleksandr_Andrushchenko@xxxxxxxx>

Delivery-date: Thu, 18 Nov 2021 13:48:30 +0000

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

Thread-index: AQHX0hJIYALl/D9fL0OD6N0XGDJh2awHdhMAgAGHTYCAAA1EAIAABOkAgAAF6YCAAATnAIAAQRQAgAAGPgA=

Thread-topic: [PATCH v4 02/11] vpci: cancel pending map/unmap on vpci removal

On 18.11.21 15:25, Jan Beulich wrote: > On 18.11.2021 10:32, Oleksandr Andrushchenko wrote: >> >> On 18.11.21 11:15, Jan Beulich wrote: >>> On 18.11.2021 09:54, Oleksandr Andrushchenko wrote: >>>> On 18.11.21 10:36, Jan Beulich wrote: >>>>> On 18.11.2021 08:49, Oleksandr Andrushchenko wrote: >>>>>> On 17.11.21 10:28, Jan Beulich wrote: >>>>>>> On 05.11.2021 07:56, Oleksandr Andrushchenko wrote: >>>>>>>> From: Oleksandr Andrushchenko <oleksandr_andrushchenko@xxxxxxxx> >>>>>>>> >>>>>>>> When a vPCI is removed for a PCI device it is possible that we have >>>>>>>> scheduled a delayed work for map/unmap operations for that device. >>>>>>>> For example, the following scenario can illustrate the problem: >>>>>>>> >>>>>>>> pci_physdev_op >>>>>>>> pci_add_device >>>>>>>> init_bars -> modify_bars -> defer_map -> >>>>>>>> raise_softirq(SCHEDULE_SOFTIRQ) >>>>>>>> iommu_add_device <- FAILS >>>>>>>> vpci_remove_device -> xfree(pdev->vpci) >>>>>>>> >>>>>>>> leave_hypervisor_to_guest >>>>>>>> vpci_process_pending: v->vpci.mem != NULL; v->vpci.pdev->vpci >>>>>>>> == NULL >>>>>>>> >>>>>>>> For the hardware domain we continue execution as the worse that >>>>>>>> could happen is that MMIO mappings are left in place when the >>>>>>>> device has been deassigned >>>>>>>> >>>>>>>> For unprivileged domains that get a failure in the middle of a vPCI >>>>>>>> {un}map operation we need to destroy them, as we don't know in which >>>>>>>> state the p2m is. This can only happen in vpci_process_pending for >>>>>>>> DomUs as they won't be allowed to call pci_add_device. >>>>>>>> >>>>>>>> Signed-off-by: Oleksandr Andrushchenko >>>>>>>> <oleksandr_andrushchenko@xxxxxxxx> >>>>>>> Thinking about it some more, I'm not convinced any of this is really >>>>>>> needed in the presented form. >>>>>> The intention of this patch was to handle error conditions which are >>>>>> abnormal, e.g. when iommu_add_device fails and we are in the middle >>>>>> of initialization. So, I am trying to cancel all pending work which might >>>>>> already be there and not to crash. >>>>> Only Dom0 may be able to prematurely access the device during "add". >>>>> Yet unlike for DomU-s we generally expect Dom0 to be well-behaved. >>>>> Hence I'm not sure I see the need for dealing with these. >>>> Probably I don't follow you here. The issue I am facing is Dom0 >>>> related, e.g. Xen was not able to initialize during "add" and thus >>>> wanted to clean up the leftovers. As the result the already >>>> scheduled work crashes as it was not neither canceled nor interrupted >>>> in some safe manner. So, this sounds like something we need to take >>>> care of, thus this patch. >>> But my point was the question of why there would be any pending work >>> in the first place in this case, when we expect Dom0 to be well-behaved. >> I am not saying Dom0 misbehaves here. This is my real use-case >> (as in the commit message): >> >> pci_physdev_op >> pci_add_device >> init_bars -> modify_bars -> defer_map -> >> raise_softirq(SCHEDULE_SOFTIRQ) >> iommu_add_device <- FAILS >> vpci_remove_device -> xfree(pdev->vpci) >> >> leave_hypervisor_to_guest >> vpci_process_pending: v->vpci.mem != NULL; v->vpci.pdev->vpci == NULL > First of all I'm sorry for having lost track of that particular case in > the course of the discussion. No problem, I see on the ML how much you review every day... > > I wonder though whether that's something we really need to take care of. > At boot (on x86) modify_bars() wouldn't call defer_map() anyway, but > use apply_map() instead. I wonder whether this wouldn't be appropriate > generally in the context of init_bars() when used for Dom0 (not sure > whether init_bars() would find some form of use for DomU-s as well). > This is even more so as it would better be the exception that devices > discovered post-boot start out with memory decoding enabled (which is a > prereq for modify_bars() to be called in the first place). Well, first of all init_bars is going to be used for DomUs as well: that was discussed previously and is reflected in this series. But the real use-case for the deferred mapping would be the one from PCI_COMMAND register write emulation: void vpci_cmd_write(const struct pci_dev *pdev, unsigned int reg, uint32_t cmd, void *data) { [snip] modify_bars(pdev, cmd, false); which in turn calls defer_map. I believe Roger did that for a good reason not to stall Xen while doing map/unmap (which may take quite some time) and moved that to vpci_process_pending and SOFTIRQ context. > > Jan > Thank you, Oleksandr

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.